
1339 matches found

NVD
added 2019/09/26 4:15 a.m., 16 views

CVE-2015-9445

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegalleryajaxaction operation...

CVSS 8.8 | AI score 9.2 | EPSS 0.01069
Exploits: 1 | References: 3

NVD
added 2019/09/26 4:15 a.m., 17 views

CVE-2015-9446

The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via datagalleryID to wp-admin/admin-ajax.php...

CVSS 8.8 | AI score 9.2 | EPSS 0.02425
Exploits: 1 | References: 3

Prion
added 2019/09/26 4:15 a.m., 13 views

Sql injection

The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via datagalleryID to wp-admin/admin-ajax.php...

CVSS 6.5 | AI score 8.3 | EPSS 0.02425
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2019/09/26 2:15 a.m., 17 views

CVE-2015-9438

The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...

CVSS 5.4 | AI score 5.4 | EPSS 0.01044
Exploits: 1 | References: 3

Prion
added 2019/09/26 2:15 a.m., 10 views

Design/Logic Flaw

The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dwshowwidget idbase, widgetnumber, or instance parameter...

CVSS 3.5 | AI score 6.1 | EPSS 0.01044
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2019/09/26 1:15 a.m., 14 views

CVE-2015-9423

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...

CVSS 5.4 | AI score 5.4 | EPSS 0.01044
Exploits: 1 | References: 3

NVD
added 2019/09/26 1:15 a.m., 14 views

CVE-2015-9422

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload plugneditwidth, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters...

CVSS 6.5 | AI score 6.4 | EPSS 0.00859
Exploits: 1 | References: 3

Prion
added 2019/09/26 1:15 a.m., 8 views

Code injection

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...

CVSS 3.5 | AI score 6.1 | EPSS 0.01044
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2019/09/26 1:15 a.m., 7 views

Design/Logic Flaw

The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=getsoundcloudplayer id parameter...

CVSS 4.3 | AI score 6.1 | EPSS 0.01365
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2019/09/26 12:24 a.m., 25 views

CVE-2015-9423

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload PlugneditBGColor, PlugneditEditorMargin, plugneditwidth, pnemedcount, or plugneditcontent parameters...

AI score 5.4 | EPSS 0.01044
Exploits: 1 | References: 3

Cvelist
added 2019/09/26 12:19 a.m., 24 views

CVE-2015-9422

The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CSRF with resultant XSS via wp-admin/admin-ajax.php?action=simplefieldsfieldtypepostdialogload plugneditwidth, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters...

AI score 6.3 | EPSS 0.00859
Exploits: 1 | References: 3

Cvelist
added 2019/09/26 12:08 a.m., 15 views

CVE-2015-9421

The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omscpopup id parameter...

AI score 6.3 | EPSS 0.00867
Exploits: 1 | References: 3

NVD
added 2019/09/20 4:15 p.m., 13 views

CVE-2015-9394

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=packageaddnew to wp-admin/admin-ajax.php...

CVSS 8.8 | AI score 8.8 | EPSS 0.00671
Exploits: 0 | References: 2

CVE
added 2019/09/20 3:03 p.m., 223 views

CVE-2015-9394

The CVE concerns the WordPress plugin Users Ultra Membership (plugin) before 1.5.63. A CSRF vulnerability exists via action=package_add_new to wp-admin/admin-ajax.php, enabling an attacker to perform actions on behalf of authenticated users. Exploitation details are not provided beyond the CSRF d...

CVSS 8.8 | AI score 8.7 | EPSS 0.00671
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2019/09/16 1:15 p.m., 16 views

CVE-2016-10958

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via esmediaimages to wp-admin/admin-ajax.php...

CVSS 7.5 | AI score 7.8 | EPSS 0.01884
Exploits: 1 | References: 3

NVD
added 2019/09/16 1:15 p.m., 12 views

CVE-2016-10959

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...

CVSS 6.5 | AI score 6.6 | EPSS 0.01105
Exploits: 1 | References: 2

Prion
added 2019/09/16 1:15 p.m., 11 views

Cross site request forgery (csrf)

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...

CVSS 4 | AI score 7.2 | EPSS 0.01105
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2019/09/16 12:15 p.m., 11 views

Code injection

The newspaper theme before 6.7.2 for WordPress has script injection via tdadsheader to admin-ajax.php...

CVSS 7.5 | AI score 9.5 | EPSS 0.02173
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/09/16 12:08 p.m., 19 views

CVE-2016-10959

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload exploitable with CSRF via esmediaimages to wp-admin/admin-ajax.php...

AI score 6.6 | EPSS 0.01105
Exploits: 1 | References: 2

0day.today
added 2019/09/12 12:00 a.m., 65 views

WordPress SlickQuiz 1.3.7.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================= Product: SlickQuiz Vendor URL: https://wordpress.org/plugins/slickquiz/ Type: Cross-Site Scripting CWE-79 Date found: 2019-05-30 Date published: 2019-09-10 CVSSv3 Score: 6.1...

CVSS 4.3 | EPSS 0.01248
Exploits: 4